While searching images on Google Images, we noted a suspicious redirect: hxxp://epnfmackey. info/index.php?tp=81350e0ebb536599 It looks like the Blackhole Exploit Kit URL format! The malicious code can be found by analyzing the page source: the main redirect was created by this ma... Continue reading...

We are working on a free online automated malware analyzer; here are a few example reports generated by the sandbox using malware samples captured in the wild. We capture every URL requested by the malware and every new file dropped to disk, and we use Driver Radar Pro to block loading […] Continue reading...

Another FakeAV, this time called AntiVirus Studio 2010. Like all FakeAVs, it claims to have found a lot of infections on your computer, and the only way to clean them is to pay a hefty price for a “license key”. Here we have the main interface. As usual, it starts the scan without any user interaction […] Continue reading...

Got another phishing email today. The email came to an address I have registered to a PayPal account, so it instantly caught my eye. I logged into my PayPal account using the correct URL; all is well. So this is obviously another phishing attempt, but not the typical kind. Typical message content, but they […] Continue reading...

GoldInstall Next we have a company called GoldInstall. This is how much they pay for 1000 installs per country.

Country  Price
OTH      $13
US       $150
GB       $110
CA       $110
DE       $30
BE       $20
IT       $65
CH       $20
CZ       $20
DK       $20
ES       $30
AU       $55
FR       $30
NL       $20
NO       $20
PT       $30
LB       $6
[…] Continue reading...

More Canadian Pharmacy spam, this time in the form of a fake Facebook invite. It looks like a legitimate invite, but of course it's not. All links in the email point to: hxxp://204.177.184.101/~lgg/complicity.html There you can see the code will redirect the user without any interaction if JavaScript is enabled; if it isn't, it... Continue reading...
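The two-path redirect described in this excerpt (JavaScript when it is enabled, a fallback when it is not) and the page-source analysis in the Blackhole redirect post above can both be found statically rather than by letting a browser follow them. The following is an added example, not code from this blog: a small Python scanner that walks a saved landing page and reports every redirect target it finds in inline script (location / location.href assignments, location.replace and location.assign calls) and in meta-refresh tags, noting whether the meta refresh sits inside a noscript block. The sample page, hostname and paths are constructed for the example and are not the spam page quoted above.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

# Constructed sample landing page (not the real one from the post): it
# redirects with JavaScript when enabled and falls back to a <noscript>
# meta refresh when it is not. Hostname and paths are made up.
SAMPLE_HTML = """
<html><head>
<script type="text/javascript">
  window.location = "http://example.invalid/pharma/landing.php?a=1";
</script>
<noscript>
  <meta http-equiv="refresh" content="0;url=http://example.invalid/pharma/nojs.php">
</noscript>
</head><body>Loading...</body></html>
"""

# Matches `location = "..."`, `window.location.href = '...'`, and
# `location.replace("...")` / `location.assign("...")` with a literal URL.
JS_REDIRECT_RE = re.compile(
    r"""(?:window\.|document\.|top\.|self\.)?location(?:\.href)?\s*=\s*['"]([^'"]+)['"]"""
    r"""|location\.(?:replace|assign)\(\s*['"]([^'"]+)['"]\s*\)""",
    re.IGNORECASE,
)
# Pulls the url= part out of a meta refresh content attribute.
META_REFRESH_RE = re.compile(r"""url\s*=\s*['"]?([^'"\s;]+)""", re.IGNORECASE)


class RedirectFinder(HTMLParser):
    """Collects (mechanism, absolute_url) pairs from one HTML document."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.in_script = False
        self.in_noscript = False
        self.redirects = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self.in_script = True
        elif tag == "noscript":
            self.in_noscript = True
        elif tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            m = META_REFRESH_RE.search(attrs.get("content", ""))
            if m:
                mech = "meta-refresh (noscript)" if self.in_noscript else "meta-refresh"
                self.redirects.append((mech, urljoin(self.base_url, m.group(1))))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
        elif tag == "noscript":
            self.in_noscript = False

    def handle_data(self, data):
        # html.parser delivers the whole inline script body as one data chunk.
        if self.in_script:
            for m in JS_REDIRECT_RE.finditer(data):
                target = m.group(1) or m.group(2)
                self.redirects.append(("javascript", urljoin(self.base_url, target)))


def find_redirects(html, base_url):
    """Return a list of (mechanism, url) redirects found in the page source."""
    parser = RedirectFinder(base_url)
    parser.feed(html)
    parser.close()
    return parser.redirects


if __name__ == "__main__":
    for mechanism, url in find_redirects(SAMPLE_HTML, "http://example.invalid/spam.html"):
        print(f"{mechanism:25s} -> {url}")
```

Relative targets are resolved against the URL the page was fetched from, so the report shows where each path actually lands; obfuscated scripts that build the URL at runtime will not match the literal-string regexes and still need to be run in a sandbox.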

InstallConverter This is where things get interesting. This company distributes one executable, TDL3. TDL3 is a very advanced piece of stealth malware with rootkit capabilities. Here you can see Symantec are well aware of it (Backdoor.Tidserv). This is how much they pay for 1000 installs per country. USA - $170 Canada - $120 Un... Continue reading...

Defense Center is doing the rounds again, but this time it seems to be a bit more aggressive! Let's start off with some screenshots. Like all rogue AVs, it bombards you with warnings about how your computer is “infected”. 30% off! You'd be a fool not to snap that offer up, wouldn't you? Once installed, ... Continue reading...